The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is specified
in the Security Content Automation Protocol (SCAP) format and constitutes
a catalog of practical hardening advice, linked to government requirements
where applicable. The project bridges the gap between generalized policy
requirements and specific implementation guidelines. The system
administrator can use the oscap CLI tool from openscap-scanner package, or the
scap-workbench GUI tool from scap-workbench package to verify that the system
conforms to provided guideline. Refer to scap-security-guide(8) manual page for
further information.
* Mon Dec 01 2025 Artem Denisov <adenisov@redhat.com> - 0.1.79-1
- Rebase scap-security-guide to the latest upstream version 0.1.79 (RHEL-130249)
- Introduce configure_custom_crypto_policy_cis rule to restrict weak ciphers in RHEL CIS profiles (RHEL-111896)
- Cover configuration of maxseq parameter in pwquality in all CIS profiles (RHEL-128593)
- Add missing requirement to configure_custom_crypto_policy_cis rule (RHEL-76009)
- Enable sshd_disable_forwarding rule for RHEL8 (RHEL-76009)
- Fix idempotency of network_ipv6_privacy_extensions rule (RHEL-106813)
- Make enable_authselect rule not applicable in containers (RHEL-84439)
* Tue Sep 16 2025 Matthew Burket <mburket@redhat.com> - 0.1.78-1
- Rebase scap-security-guide to the latest upstream version 0.1.78 (RHEL-111011)
- Rule service_rngd_enabled is now evaluated on RHEL >= 8.4 in case kernel is not in FIPS mode (RHEL-95188)
- Use default order in rule configure_gnutls_tls_crypto_policy (RHEL-1821)
- Renable building of bash scripts (RHEL-105501)
* Tue Jun 03 2025 Matthew Burket <mburket@redhat.com> - 0.1.77-1
- Rebase scap-security-guide to the latest upstream version 0.1.77 (RHEL-94802)
- STIG: do not remediate rule disabling user namespaces (RHEL-76750)
* Tue Feb 25 2025 Vojtech Polasek <vpolasek@redhat.com> - 0.1.76-1
- rebase scap-security-guide to the latest upstream version 0.1.76 (RHEL-74241)
* Fri Nov 15 2024 Matthew Burket <mburket@redhat.com> - 0.1.75-1
- Rebase scap-security-guide to the latest upstream version (RHEL-66153)
- detection of Grub2 kernel command line arguments has been enhanced to cover more use cases (RHEL-53365)
* Mon Aug 19 2024 Vojtech Polasek <vpolasek@redhat.com> - 0.1.74-3
- fix build
- keep firefox and rhel8 ds-1.2 files in the package in form of symbolic links to regular ds files
* Fri Aug 16 2024 Vojtech Polasek <vpolasek@redhat.com> - 0.1.74-2
- include RHEL 7 artifacts from the last RHEL 7 build
* Fri Aug 09 2024 Matthew Burket <mburket@redhat.com> - 0.1.74-1
- Rebase to a new upstream release 0.1.74 (RHEL-53913)
- Improve Rsyslog rules to support RainerScript syntax (RHEL-1816)
- Update password hashing settings for ANSSI-BP-028 (RHEL-54390)
* Wed Aug 07 2024 Milan Lysonek <mlysonek@redhat.com> - 0.1.73-2
- Switch gating to tmt plan (RHEL-43242)
* Tue May 21 2024 Jan Černý <jcerny@redhat.com> - 0.1.73-1
- Rebase scap-security-guide package to version 0.1.73 (RHEL-36733)
- Change crypto policy used in the CUI profile to FIPS (RHEL-30346)
- Fix file path identification in Rsyslog configuration (RHEL-17202)
- Use a correct chrony server address in STIG profile (RHEL-1814)
- Don't BuildRequire /usr/bin/python3 (RHEL-2244)
